Monday, January 15, 2018

Rassoul Ghaznavi-zadeh was kind enough to answer a few questions,
and share a free chapter from his book "kali linux – Hacking tools
introduction".

Rassoul Ghaznavi-zadeh, author of “kali linux – Hacking tools
introduction”, has been an IT security consultant since 1999. He started
as a network and security engineer, gathering knowledge on enterprise
businesses, security governance, and standards and frameworks such as
ISO, COBIT, HIPAA, SOC and PCI. With his assistance, numerous enterprise
organizations have reached safe harbors by testing, auditing and
following his security recommendations.

What made you write this book?

I have been working on Cybersecurity for more than 10 years now. A
couple of years ago, I put together all my notes about penetration and
ethical hacking and released them as a book. While I didn’t expect it, I
received lots of good comments, and sold a lot of copies. This year, I
decided to release a similar book with more details and information
which can even be used in academic environments.

The first chapter states that the purpose of your book is to
encourage and prepare the readers to act and work as ethical hackers.
Can you describe your views on what it means to be an ethical hacker?

Ethical hacking is a process of investigating vulnerabilities in an
environment, analyzing them and using the information gathered to
tighten security to protect that environment.
An Ethical hacker would have extensive knowledge about a range of
devices and systems. Ideally you should have multiple years of
experience in the IT industry and be familiar with different hardware,
software and networking technologies.
As an Ethical hacker you have a clear responsibility about how you
use your knowledge and techniques. It is also important to understand
the client’s expectations from an ethical hacker, and consider them when
assessing the security of a customer’s organization.

Can you give us a quick tip on starting a penetration project as an ethical hacker?

As hackers, breaking the law or getting into trouble can sometimes be
difficult to avoid, so it’s important to act legitimately and get your
paperwork ready in advance. This includes signed approvals to access the
customer’s network and system, signing an NDA, defining clear goals and
timelines for you and your team and notifying appropriate parties, such
as the sys admin, security department, legal department etc.

What new knowledge did you gain whilst writing your book?

Obviously writing a book is not an easy task,
considering this is not my main job. Writing this book was a good
opportunity for me not only to learn more about professional writing,
but also to refresh my knowledge about the hacking tools and techniques.
For every single tool introduction in this book, I have done some
manual work by installing and testing the latest version of them on the
newest version of the Kali operating system.

Where can one acquire your book?

The book is available on most online stores like Amazon,
Google, iTunes, Barnes & Noble, Kobo, etc. I also have a couple
more books which can be found there, including the original version of
this book, “Hacking and Securing Web Applications” and “Enterprise
Security Architecture”.

Following is the first of three chapters from “Kali Linux – Hacking tools introduction”.

Chapter 1- Ethical Hacking and Steps

By Rassoul Ghaznavi-zadeh

Ethical hacking is a process of investigating vulnerabilities in
an environment, analysing them and using the information gathered to protect
that environment from those vulnerabilities. Ethical hacking requires a
legal and mutual agreement between the ethical hacker and the asset and
system owners, with a defined and agreed scope of work. Any act outside
of the agreed scope of work is illegal and not considered part of
ethical hacking.

What is the purpose of this book?

The purpose of this book is to prepare the readers to be able to
act and work as an ethical hacker. The techniques in this book must not
be used on any production network without formal approval from the ultimate owners of the systems and assets. Using
these techniques without approval can be illegal, can cause
serious damage to others' intellectual property, and is a crime.

What are the responsibilities of an Ethical Hacker?

As an Ethical hacker you have a clear responsibility about how you
use your knowledge and techniques. It is also very important to
understand what the expectations from an Ethical hacker are and what you should consider when assessing the security of a
customer’s organization. Below are a couple of important things you must
consider as an Ethical hacker:

Must use your knowledge and tools only for legal purposes

Only hack to identify security issues with the goal of defence

Always seek management approval before starting any test

Create a test plan with the exact parameters and goals of the test, and get management approval for that plan

Don’t forget, your job is to help strengthen the network and nothing else!

What are the customer’s expectations?

It is very important to understand the customer’s expectations
before starting any work. As the nature of this work (Ethical hacking)
is high risk and requires a lot of attention, if you don’t have a clear understanding of their requirements and expectations, the
end result might not be what they want and your time and effort will be
wasted. This could also have legal implications if you
don’t follow the rules and address the customer’s expectations. Below are
some important things you should note:

You should work with the customer to define goals and expectations

Don’t surprise or embarrass them with the issues that you might find

Keep the results and information confidential at all times

The company usually owns the resultant data, not you

Customers expect full disclosure on problems and fixes

What are the required skills of the hacker?

To be an Ethical hacker you should have extensive knowledge about
a range of devices and systems. Ideally you should have multiple years
of experience in the IT industry and be familiar with different hardware,
software and networking technologies. Some of the important skills
required to be an Ethical hacker are as below:

Should already be a security expert in other areas (perimeter security, etc.)

Should already have experience as a network or systems administrator

Experience on a wide variety of Operating Systems such as Windows, Linux, UNIX, etc.

Extensive knowledge of TCP/IP – Ports, Protocols, Layers

Common knowledge about security and vulnerabilities and how to correct them

Must be familiar with hacking tools and techniques (We will cover this in this book)

How to get prepared for the Penetration testing

Once you want to start a penetration project, there are a number of
things that you need to consider. Remember, without following the
proper steps, getting approvals and finalizing an agreement with the
customer, using these techniques is illegal and against the law.